Many Board level executives around the world are still failing to address cyber security issues, while hacktivism and malicious insider threats (intentional leaks) are perceived to be on the rise.
Just 17% of UK business leaders view cyber security as a major priority compared to 41% in the US, research from BT has revealed.
The research, which assessed attitudes to cyber security and levels of preparedness among IT decision-makers, highlights that UK businesses are lagging behind their US counterparts in crucial areas.
Only one-in-five (21%) respondents in the UK are able to measure the return on investment (ROI) of their cyber security measures compared to nine-in-ten (90%) of US companies. Similarly, 86% of US directors and senior decision-makers are given IT security training compared to just 37% in the UK.
More than half (58%) of IT decision-makers globally stated that their Boards underestimate the importance of cyber security. This figure increases to 74% in the US but drops to 55% in the UK.
Hacktivism set to pose greater risk
The difference in levels of preparedness correlates with attitudes to threats. Non-malicious insider threats (eg accidental loss of data) are currently the most commonly cited security concern globally, being reported as a serious threat by 65% of IT decision-makers.
In the UK, this falls to 60% and is followed by malicious insider threats (51%), hacktivism (37%), organised crime (32%), nation states (15%) and terrorism (12%).
In the US, the proportion of IT decision-makers who see non-malicious insider threats as a severe threat increases to 85% and is followed by malicious insider threats (79%), hacktivism (77%), organised crime (75%), terrorism (72%) and nation states (70%).
Mark Hughes: CEO at BT Security
Looking ahead, more than half of global IT decision-makers believe that hacktivism (54%) and malicious insider threats (53%) will pose a greater risk over the next 12 months. In the US, this increases to 73% and 74% respectively. This compares to 29% and 23% in the UK.
Globally, terrorism is seen as the threat least likely to pose more risk over the next 12 months.
Myriad of internal and external threats
Mark Hughes, CEO of BT Security, said: “The research provides a fascinating insight into the changing threat landscape and the challenge this poses for organisations around the world. The massive expansion of employee-owned devices, cloud computing and extranets has multiplied the risk of abuse and attack, leaving organisations exposed to a myriad of internal and external threats which are malicious or accidental.”
Hughes continued: “US businesses should be celebrated for putting cyber security on the front foot. The risks to business are moving too fast for a purely reactive security approach to be successful. Nor should cyber security be seen as an issue for the IT Department alone.”
In response to emerging threats, three quarters (75%) of IT decision-makers globally say they would like to overhaul their infrastructure and design them with security features from the ground up. 74% would like to train all staff in cyber security Best Practice. Similarly, just over half (54%) say they would like to engage an external vendor to monitor the system and prevent attacks.
Hughes added: “As the threat landscape continues to evolve, CEOs and Board level executives need to invest in cyber security and educate their people in the IT Department and beyond. The stakes are too high for cyber security to be pushed to the bottom of the pile.”
About the research
This research was undertaken by Vanson Bourne for BT in October 2013.
Five hundred interviews were carried out with IT decision-makers in medium-to-large sized enterprises across seven countries – UK, France, Germany, USA, Brazil, Hong Kong and Singapore – and in a range of sectors (finance, pharmaceutical, retail and government).
BT Security: staying ahead of the threat curve
BT Security is building on 70 years’ experience of helping organisations around the globe and across all sectors get ahead of the threat curve and reduce the uncertainty and complexity of security.
The company provides an end-to-end capability to help organisations enjoy higher levels of security at a time when security budgets are not keeping pace with the threat landscape.
BT Security thinks about assets, people and processes, and combines these with both network and security intelligence to help customers stay ahead of the security risks.
BT Security protects both BT and its customers. These customers are advised by a global team of 1,300 security practitioners, 600 global security specialists and a professional services team of approximately 4,000.
The BT Security Assure portfolio covers: Assure Managed Firewall, Assure Web Security, Assure Intrusion Prevention, Assure Message Scan, Assure Denial of Service Mitigation, Assure Cyber, Assure Managed Cloud, Assure Threat Monitoring and Assure Vulnerability Scanning.
To find out more about BT Security visit: http://www.bt.com/btassure/securitythatmatters